With all of the issues that can arise from a computer or internet, we have all grown to trust certain companies and software packages a bit more than the other brands. Everyone seems to have their own preferences in who they will allow to put their products on their home or business computers. Unfortunately for most computer and internet users, there are some programs, software and websites alike that will not let you view their wares, purchase or play their games, or even just shop around without downloading a product called Java.
There was recently a flaw revealed openly by two experts. The researcher said he made the decision to go public only after Sun explained to him in reply to his complaint that they did not feel that the flaw was as serious a vulnerability as he made it out to be. So what is the flaw? This flaw leaves anyone running any windows operating system platform vulnerable to web based attacks that could lead to a total compromise of any system.
The flaw also discovered independently was quoted as occurring because the Java plug is running “javaws.exe” without asking permissions to run it. Variables such as these can be controlled by hackers through distinctively created embed HTML tags within any web page. This allows a hostile hacker to bypass restrictions to the java utility which in turn allows the hackers to use command line disputes to make use of weaknesses.
The flaw in Java affects all versions since Java SE 6 update 10 for Windows. Some users, who have hoped that disabling Java on their systems would allow them to protect themselves, have found differently. Unfortunately disabling the program is not going to protect you from the vulnerabilities built into the java toolkit itself.
For now, the users who are affected by this exploit should likely take the time to send off an email to Sun Java Company itself. For the most part they are convinced that the exposed vulnerability is not enough for them to have to alter their quarterly patch update for their program.